similar to: Proxy arp and pptp

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand

Greetings List Members, I''ll firstly apologise if this isn''t the place that I should be posting this message but here goes. What I want to do is have a VPN (PPTP/IPSEC/CIPE/etc) server, but it must support more than one simultaneous connection. I currently have a PPTP VPN server setup that has port 1723 and protocol 47 DNAT''d through to the internal IP

I''ve got what I think is a fairly simple home network configuration with one Linux box functioning as the firewall, VPN server, DHCP server and file/print server. I am having trouble configuring both a VPN server (PopTop) and the firewall rules for a W2K PPTP VPN client. The VPN server runs on the firewall machine and the VPN client runs on a W2K machine behind the firewall. The VPN

Hi all, I´m running a server that frecuently needs to open a pptp session with a remote server outside my Company. This server is running behind a Shorewall firewall and I don´t find information in Shorewall web page because there is no information in the link http://www.shorewall.net/PPTP.htm#ClientsBehind Nowadays I can connect this server with the remote one but te session is closed after

Hi friends, I need help. I''ve PPTP Server running behind Shorewall. The PPTP server is working OK in my LAN, but I want to connect outside and It isn''t working. I''ve configurate shorewall like http://www.shorewall.net/PPTP.htm. I add only this lines in my rules DNAT net loc:165.182.15.15 tcp 1723 - IPext DNAT net loc:165.182.15.15 47 - - IPext It isn''t

Hello, Please see the following picture: http://www.wilson-kwok.com/pptp.jpg I used one to one NAT from 210.0.0.1 to 192.168.0.2 for web server, and then use port forwarding from 210.0.0.1 to 192.168.0.3 for pptp server, but I cannot connect from my home to pptp server. Here is the nat file: 210.0.0.1 eth0:2 192.168.0.2 Here is the rules

Hey gang, I was wondering if all that documentation could or has been put into PDF format. I usually like to download documentation and read it while I''m sitting comfortably at home and I don''t want to tie up the phone line all night. Thanks, Nino p.s. If so, please feel free to attach the PDF formatted document to my e-mail ;-)

Hello, I''m trying to setup DNAT to forward to a PPTP Server behind Shorewall. I setup the PPTP rules per your documentation with tcp port 1723 and Protocol 47 DNAT to my PPTP Server in the local zone. Looking at the logs it is dropping the connection going to port 1723. It is also dropping UDP port 1701, don''t know if it is of any significance. I looked at FAQ 1a and b and the

Any recommendations for a Linux distro to put Shorewall on top of? My main concern is to be able to use a Windows NT PPTP VPN server behind the firewall. If I remember right, there were some issues with passing GRE traffic through some versions of the Linux kernel. Are they solved now or do I still have to do some cryptic kernel patches? Experiences with that? Thanks! Tim

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=512 ------- Additional Comments From kaber@trash.net 2006-09-18 07:36 MET ------- There are still some problems with the PPtP helper, I'm currently trying to fix these. Can you attach a tcpdump of a failed attempt please? -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are

I have two/three PPTP servers on my network and each one of them are on their own subnet and I want to be able to send traffic to each and everyone. My rules file entry is as follows DNAT net loc:1.1.1.1 tcp 1723 DNAT net loc:1.1.1.1 47 and DNAT net loc:2.2.2.2 tcp 1723 DNAT net loc:2.2.2.2 47 however all the traffic only goes to 1.1.1.1 because its the first DNAT entry. I tried the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a situation where some Poptop/PPTP sessions (only with FC5/Shorewall to FC5/Shorewall firewall in between) cause the following to appear in the state table (shorewall show connections). unknown 47 420 src=XX.234.79.183 dst=XX.234.137.226 packets=2 bytes=130 [UNREPLIED] src=XX.234.137.226 dst=XX.234.79.183 packets=0 bytes=0 mark=0 use=1

I have tried unsuccessfully to run both Shorewall 1.2.x, 1.3.x with Proxy ARP on a Red Hat 7.2 machine. The machine was configured as the external firewall as per the ''belt and suspenders'' layout given at http://www.skippy.net/linux/firewall/ The firewall appeared to function correctly in all functions except proxy ARP, however I must say I did not test exhaustively. After

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

Is it possible to pass PPTP packets through 2 firewalls before they hit the remote access server? I installed a Netgear ProSafe VPN firewall as the first line of defense in my network. I have since set up a Fedora Core 2 server running Shorewall 2.1.3 and Squid in non-transparent mode, between the Netgear unit and my network. So, the Netgear faces the Internet with a public, static, IP address.

Hi, All I'm tring to get a client connected to a vpn server running pptp & centos, the client connects to the server but I can't browse the internet or the local network from the client, when I stop the firewall the client can ping the server but no browsing can be done, do I need a iptables rule to allow pptp clients to use the internet or browse the network??? Sherwyn

Hi all, I read the setup at http://www.blackh0le.net/articles/vpn-dun-howto.html to setup my VPN. However, I'm having a problem which I think is proxy-ARP not working. I like to ask you to see if you know what's going on. When I ping 10.77.1.1 from windows XP machine the packets get to the 10.77.1.1 machine, but they don't have a return path to get back. When I do ping the windows

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

Hi All, >From the documentation I have read on Shorewall, the preferred approach seems to be, to use Proxy ARP instead of Static NAT for hosting web servers in the DMZ Zone. But I have also read that this could cause problems for VPN configurations. I essentially have multiple public IP''s, which I want to map to private addresses in the DMZ. I also intend to setup a gateway between 2

I have set up a VPN over PPTP on a CentOS server using the DKMS module rpm dkms-0-2.0.6-3.el4 from http://centos.karan.org/el4/extras/stable/i386/RPMS/repodata/repovie w/dkms-0-2.0.6-3.el4.kb.html and kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm at http://pptpclient.sourceforge.net/howto-fedora- core-3.phtml. I have configured the pptpd server on Centos4 to use MS_CHAPv2, 128bit encryption and